Sha256: 5760ed363bf399192f3093d73dd47b545f6cc8a11b657c00f81217d41a9c605a

Contents?: true

Size: 1.25 KB

Versions: 8

Compression:

Stored size: 1.25 KB

Contents

require 'spec_helper'

class ForgeriesController < ActionController::Base
  include Clearance::Controller

  protect_from_forgery

  if respond_to?(:before_action)
    before_action :require_login
  else
    before_filter :require_login
  end

  # This is off in test by default, but we need it for this test
  self.allow_forgery_protection = true

  def create
    redirect_to action: 'index'
  end
end

describe ForgeriesController do
  context 'signed in user' do
    before do
      Rails.application.routes.draw do
        resources :forgeries
        get '/sign_in'  => 'clearance/sessions#new', as: 'sign_in'
      end

      @user = create(:user)
      @user.update_attribute(:remember_token, 'old-token')
      @request.cookies['remember_token'] = 'old-token'
    end

    after do
      Rails.application.reload_routes!
    end

    it 'succeeds with authentic token' do
      token = controller.send(:form_authenticity_token)
      post :create, authenticity_token: token
      expect(subject).to redirect_to(action: 'index')
    end

    it 'fails with invalid token' do
      post :create, authenticity_token: 'hax0r'
      expect(subject).to deny_access
    end

    it 'fails with no token' do
      post :create
      expect(subject).to deny_access
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
clearance-1.16.1 spec/controllers/forgeries_controller_spec.rb
clearance-1.16.0 spec/controllers/forgeries_controller_spec.rb
clearance-1.15.1 spec/controllers/forgeries_controller_spec.rb
clearance-1.15.0 spec/controllers/forgeries_controller_spec.rb
clearance-1.14.2 spec/controllers/forgeries_controller_spec.rb
clearance-1.14.1 spec/controllers/forgeries_controller_spec.rb
clearance-1.14.0 spec/controllers/forgeries_controller_spec.rb
clearance-1.13.0 spec/controllers/forgeries_controller_spec.rb